Skip to Content.
Sympa Menu

shibboleth-dev - Re: Shibboleth SP - Handling Encrypted Assertions

Subject: Shibboleth Developers

List archive

Re: Shibboleth SP - Handling Encrypted Assertions


Chronological Thread 
  • From: Brent Putman <>
  • To:
  • Subject: Re: Shibboleth SP - Handling Encrypted Assertions
  • Date: Tue, 11 Mar 2008 18:57:38 -0400


wrote:

Does the Shibboleth SP have a requirement that Encrypted Assertions must include a copy of the x509 certificate used to encrypt the KeyInfo? 


I'll have to let Scott speak to what the current SP does/doesn't do, but my understanding was that it wasn't intended to require it.

When the Shibboleth IDP encrypts an assertion, it includes a copy of the SP’s x509 certificate, although I am unsure as to whether this is strictly required (could it not be assumed?).



No, it's not required by any profile, etc.  With XML Encryption, the sender/encrypter can include a KeyInfo hint with the (public) key by value or by reference/identifier, or it can leave it out entirely.  In the latter case, as you speculated, presumably the recipient/decrypter will know from context (the sender, etc) which one was used, or at least can constrain the set down to a small number of its local keys to try.  Often the recipient (e.g. SP) might have only 1 key anyway.

 

I am trying to test the Shibboleth SP with a different SAML IDP product, and it is not including a copy of the SP’s encryption certificate, and here is the sequence of messages I see in the logfile:


Out of curiosity, and if you can share: which IdP product?


 

The logging differences make me think the issue is the lack of including the X509Certificate, but I am not entirely sure if the problem is related to the KeyInfo encryption algorithm (another point of variance, the Shibboleth IDP uses rsa-oaep-mgf1p, but this product is using rsa-1_5 by default, and I have not fully investigated changing this algorithm).




FYI, the Shib IdP defaults to using rsa-oaep-mgf1p if the encrypted data encryption key is AES, and rsa-1_5 if it was Triple DES.  That's consistent with the recommendations in the XML Encryption spec.  AES-128 (and so with RSA-OAEP encrypted key transport) is the IdP default data encryption algorithm.

I'm pretty sure the SP easily supports both of those RSA key transport algorithms, via the Apache XML security lib.  rsa-1_5 is probably the more common one in fact and least likely to be broken I would imagine.

--Brent


Archive powered by MHonArc 2.6.16.

Top of Page